const koa = require('koa');
const router= require('koa-router');
const bodyParser = require('koa-bodyParser');
const cors  = require('@koa/cors');

const app = new koa();
const route = new router();
let currentUsername = ''; 
// 所有用户共享的数据，等同于持久化数据

app.use(bodyParser());

const login =async ctx=>{
    const req = ctx.request.body;
    const userName = req.userName;
    currentUsername = userName;

    ctx.response.body = {
        msg:'登录成功'
    }
}

const home =async ctx =>{
    ctx.body= currentUsername;
}

app.use(cors());
route.post('/login',login);
route.get('/home',home);
app.use(route.routes())
app.use(route.allowedMethods({

}))

// 跨站脚本攻击 植入js
app.use(async ctx=>{
    ctx.body = ctx.query.userName;
    // ctx.body = '<script>alert("反射型XSS攻击")</script>';
})

app.listen(3000,()=>{
    console.log('服务器启动')
})